[webkit-reviews] review granted: [Bug 125694] jsCStack:REGRESSION: "print(“My object: “ + { });” crashes LLINT in op_call : [Attachment 219192] Patch
bugzilla-daemon at webkit.org
Fri Dec 13 13:29:57 PST 2013
Filip Pizlo <fpizlo at apple.com> has granted Michael Saboff <msaboff at apple.com>'s request for review:
Bug 125694: jsCStack:REGRESSION: "print(“My object: “ + { });" crashes LLINT in op_call
https://bugs.webkit.org/show_bug.cgi?id=125694
Attachment 219192: Patch
https://bugs.webkit.org/attachment.cgi?id=219192&action=review
------- Additional Comments from Filip Pizlo <fpizlo at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=219192&action=review
> Source/JavaScriptCore/interpreter/ProtoCallFrame.cpp:47
> - // FIXME: CStack - Align the combination of sentinel frame + callee
frame
> - // Maybe this should be in callToJavaScript.
> - if (!(paddedArgsCount & 1))
> - paddedArgsCount++;
> + // Round up paddedArgsCount to keep the stack frame size aligned.
> + paddedArgsCount = WTF::roundUpToMultipleOf<2>(paddedArgsCount);
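Review bot: the replacement rounding changes the parity of paddedArgsCount, and the hunk does not say whether that is intended: the removed `if (!(paddedArgsCount & 1)) paddedArgsCount++;` turned an even count into an odd one (the removed FIXME explains this was to align the sentinel frame plus callee frame as a combination), whereas `WTF::roundUpToMultipleOf<2>(paddedArgsCount)` turns an odd count into an even one. If the new parity is correct, the new comment should state why the combined frame size still comes out aligned. Separately, the literal `2` hard-codes the alignment in register slots; deriving it from the platform helper (`stackAlignmentRegisters()`, as the reviewer suggests) keeps the rounding correct on a port with a different stack alignment.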
Use stackAlignmentRegisters().